The University of Queensland Homepage
School of ITEE ITEE Main Website

 More Handouts will be added here during the course of the semester!

New material will be added at the top!

(Please let me know if you experience any problems accessing the files.)


Computer based Access Control

R. Sandhu and P. Samarati, "Access Control: Principles and Practice", IEEE Communications Magazine, 32:40–48, September 1994
http://www.list.gmu.edu/journals/commun/i94ac(org).pdf
 

Security Models

Introduction to Computer Security, by Matt Bishop

You can access an online version of this book via Safari from internal networks only.
Just go to the Safari main site and search for the book title.
http://proquest.safaribooksonline.com/

Bell-LaPadula
Chapter 5, Confidentiality Policies

Biba, Clark-Wilson
Chapter 7, Integrity Policies
 

Attacks

Buffer Overflow Attack
"Smashing the Stack for Fun and Profit"
http://www.insecure.org/stf/smashstack.txt
 

Security Assurance/Evaluation

Orange Book Summary
http://www.dynamoo.com/orange/summary.htm

The Common Criteria (brief summary by Nancy R. Mead, Carnegie Mellon University on US DHS site)
https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/requirements/239-BSI.html

Common Criteria Portal, in particular Part 1 Chapters 6 and 7 (and Figures 2 and 3)
http://www.commoncriteriaportal.org/thecc.html
 

 

Week 5:

Biometrics

A. K. Jain et al., "Biometrics: A Grand Challenge", Proc. of ICPR (2004)
http://www.csee.wvu.edu/~ross/pubs/RossGrandChallenge_ICPR04.pdf

 

Probability Theory Basics

P. Sebastiani, "A Tutorial on Probability Theory"
http://www.docstoc.com/docs/2144192/A-Tutorial-on-Probability-Theory
 

Week 4:

Authentication

Leslie Lamport, “Password Authentication with Insecure Communication”, Communications of the ACM, November 1981
http://research.microsoft.com/users/lamport/pubs/password.pdf

The S/KEY One-Time Password System, RFC1760
http://www.ietf.org/rfc/rfc1760.txt

Richard E. Smith, "The Strong Password Dilemma"
http://www.smat.us/sanity/pwdilemma.html

HTTP Authentication, RFC2617
http://www.ietf.org/rfc/rfc2617.txt
 

Week 3:

Introduction to Web Services

http://www.developer.com/services/article.php/1485821
http://www.ariadne.ac.uk/issue29/gardner/
 

Week 2:

Security Architecture and Design

SABSA White Paper
http://www.cioindex.com/nm/articlefiles/60152-SABSA_White_Paper.pdf
 

Week 1:

Risk Management

Australian Risk Management Standard AS/NZS ISO 31000:2009 Risk management - Principles and guidelines

The document can be accessed in PDF format via the UQ library. (Standards online premium)
UQ has 3 licenses, so only 3 people at a time can access the standards online web site.
You might need to try a few times. You will only have access from within the UQ network.

Go to the following site and search for 31000 and you should find the document.
www.saiglobal.com/online/autologin.asp
 

 

Evaluation of Information Sources, Critical Thinking
(Helpful for Assignments)

http://www.bothell.washington.edu/library/guides/eval.html
http://lib.nmsu.edu/instruction/evalcrit.html